Chapter 2 Monitoring and Diagnosing Networks Flashcards


Flashcards in Chapter 2 Monitoring and Diagnosing Networks Deck (31)
1

Network Monitors (sniffers)

A machine that watches network traffic and collects data. Nowadays all you need is a computer with a NIC in promiscuous mode (picking up all packets that pass by it).

2

Application Log (event viewer)

-Events logged by applications or programs

3

Security Logs (event viewer)

-Successful and unsuccessful login attempts
-Events related to creating, opening, and deleting files
-By default, both successes and failures are not logged. You should change this.

4

Hardening

Locking down the operating system or your software's code as much as you practically can

5

Services

Programs that run on startup, and often are in the background. You should carefully disable any you don't need.

6

File and Print Server Security Risks

-Very vulnerable to DoS and access attacks
-Deactivate all ports and protocols you don't need to use

7

Directory Sharing

Should be limited to what's essential to performing system functions
-Hide root directories from browsing

8

Service Pack

Patches that address issues in the operating system that needed major reworking

9

Updates

General fixes to program code

10

Security updates

Fix various vulnerabilities that may be found on an operating system. These should be deployed within 30 days of their release

11

User Account Control

-Disable, but don't delete, all unnecessary accounts
-Pay attention not only to domain accounts, but to local accounts as well
-Make sure the passwords set meet the company's minimum requirements

12

Principle of Least Privilege

Give employees access to the bare minimum of resources they need to successfully do their jobs

13

802.11x

Use MAC Filtering and port authentication together for exponential security increase

Remember, all ports you're not using can be a security risk

14

Security Posture

Make sure your security posture baselines are in compliance with HIPAA, ICI, or whoever is setting your standards.

15

Security Audits

Scheduled, in-depth checks of security
-Review security logs and compliance
-Check security device configuration

16

Remediation Policy

When a security gap is found, take note of it and develop a remediation plan.
-Sample threat classification:
-Minor: not an immediate threat
-Serious: Could pose a threat, but that's very unlikely/difficult
-Critical: It needs to be taken care of ASAP

17

Alarms

An indication of an ongoing problem
-Good for an issue that should be looked at right away

18

Alert

You should pay attention to an alert, but it isn't an indication of impending doom.

19

Trends

Trends in threats you observe, either to your company, or to the networking world at large. These can be used to help you be proactive in your security planning.

20

Enticement vs. Entrapment

Enticement: You lure someone into a trap you set up, like a honeypot

Entrapment: Encouraging someone to break the law and reporting them for it.

21

Port 21

File Transfer Protocol (FTP)

22

Port 22

SSH, SCP and SFTP

23

Port 23

Telnet

24

Port 25
Port 110
Port 143
Port 995

SMTP
POP3
IMAP
Secure POP3

25

Port 53

Domain Name Services (DNS)

26

Port 80
Port 443

Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol Secure (HTTPS)

27

Port 161

Simple Network Management Protocol (SNMP)

28

Port 631

Internet Printing Protocol (IPP)

29

Port 139

Network Basic Input/Output System (NetBIOS)

30

Technical Security Controls

Controls implemented using systems
-Operating system controls
-Hardware based